Infosecurity 2016: The Insider Threat is still the Most Dangerous

- Infosecurity Europe 2016 -

BrightTALK was delighted to catch up with Boldon James' CEO Martin Sugden to hear his thoughts on the cyber security industry.

Martin covered topics including the San Bernardino iPhone unlock case and its influence on encryption. He also addressed how financial institutions can better protect themselves from data breaches and cyber criminals, who the principal threat actors are these days (especially the insider threat), and the bright future for data-driven security.

Organisations in 2019 will be increasingly faced with a hyperconnected world where the pace and scale of change – particularly in terms of technology – will accelerate substantially. Business leaders need to develop cutting-edge ways to deal with new regulation, advanced technology and distorted information.

In this webinar, Steve Durbin, Managing Director, ISF, will discuss the threats organisations will be facing in 2019 and how business leaders and their security teams can address them. The emerging cyber threats to look out for include:

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

Organisations increasingly rely on cloud services, motivated by the benefits of scalability, accessibility, flexibility, business efficiencies and reduced IT costs. However, there are several security implications that organisations need to address, including the challenge of verifying identity and managing access to cloud services.

Cloud services bring added complexity to identity and access management, exacerbated by the distribution of data across a myriad of applications accessed by users from multiple devices and locations. Failure to adequately implement user authentication and access control in the cloud can be exploited by attackers to gain access to users’ credentials, manipulate systems and compromise data.

In this webinar, Senior Research Analyst Dr Emma Bickerstaffe and Principal Analyst Benoit Heynderickx will discuss identity management, access control and user authentication in the cloud environment, and consider how organisations can effectively tackle this security concern.

Learn about the CISSP employment endorsement and the CISSP Associate Status.

In Clinic #5, you will learn about the CISSP employer endorsement and how it works. You will also learn what happens when you pass the exam but still cannot meet all of the CISSP employment requirements. Specifically, you receive information about the CISSP Associate status and how employers will respond to you when you pass the exam and still need more experience.

If you want to pass your CISSP Exam the first time, you’ll want to attend and then review this series of five live online CISSP Exam Prep Clinics. In these five valuable CISSP exam clinics you will learn about:

• The new CISSP exam format, the “adaptive exam format”
• How hands-on labs will help you prepare for your exam
• Tactics to select the best answer for each question
• How to get your employment endorsement and what happens if you need more experience

These five Clinics include tips for all 8 CISSP domains covered in the exam.

Learn how to analyze exam answer choices so you can select the best answers.

In Clinic #4, you will learn tactics for analyzing the answer choices and then selecting the “best answer”. Often there is no “right” answer and you need to eliminate the less likely answers.

How can Blockchain improve trust, security, and compliance? Can the decentralised nature of this technology be the missing piece in solving cybersecurity challenges?

Listen in to this panel of security luminaries where they will discuss:
-Key considerations for leveraging the blockchain in the age of GDPR
-What sort of infrastructure must be in place to ensure a secure environment?
-Is the blockchain itself secure?
-How do you build a trust network around the blockchain?
-What are some of the cybersecurity challenges that can be mitigated and managed by the blockchain?

With the ever-increasing frequency and sophistication of security threats to organisations, business leaders need to have a comprehensive data security strategy to protect themselves. Information security practitioners have to think and plan beyond existing protection capabilities that are aimed at preventing threats only. Today's cyber security strategies need to protect an organisation's mission-critical assets in a way that is:

‒ balanced, providing a mixture of informative, preventative and detective security controls that complement each other
‒ comprehensive, providing protection before, during and after threat events materialise into security incidents
‒ end-to-end, covering the complete information life cycle.

This will enable organisations to match the protection provided with the sophistication of threats to such mission-critical information assets. This webinar will look at past and present models and share ideas on how organisations can ‘future proof’ their strategies to combat next generation threats.

In this webinar in particular, Nick Frost, Principal Consultant at the ISF, will discuss what actions can be taken to identify your most critical information assets, how a modern-day cyber security model needs to focus on prevention and detection of a data breach, and how to respond to a breach in order to reduce damage to brand and reputation.

In Clinic #3, you will learn tactics for analyzing each exam question. Then, you receive tips on how to use your analysis to select the best answer.

In Clinic #2 you will learn how to integrate labs into your CISSP study plan.

In Clinic #1, you will learn how the new CISSP exam format works. Then, you will learn tactics on how best to respond to this “adaptive exam format”.

We will look at the background of existing incumbent systems and rule-based infrastructure now operating in banks, and establish why the use of Machine Learning and AI helps alleviate 20% of cost and increase customer satisfaction while protecting the transactions and networks of the bank from intrusion. Also, the new device and contextual Big Data services of Cybertonica will be described. In the end, we need to see how security and customer convenience can be optimised while reducing cost and friction in the bank's systems.

Joshua has 20 years' experience in managing tech companies and startups. He is the founder of 4 businesses in online funding, media and FinTech. Joshua is a graduate of Harvard (MA) and INSEAD (MBA). He speaks fluent Russian, French and German.

Although overused, Next Generation Security still means keeping up with the challenges of securing today’s networks. The fundamental rule of keeping up with those challenges is having both a vision and an architecture that provides the foundation, regardless of how the market or the threats themselves change.

This session will focus on what is needed in an evolving security architecture to provide Next Generation Security in a constantly changing environment.

IoT, IIoT, OT... It is likely that for many of us these acronyms are confusing. The fact is that traditional industrial environments, such as utilities and production, have started a digital transformation process which harnesses these and other technologies to become more efficient, automated and competitive.

Within this transformation from a well-defined and well-controlled industrial ecosystem to a dynamic and open one, lurks a shift in the security challenges, needs and solutions/architecture.

This session will focus on the technologies and challenges digital transformation introduces in industrial environments and how Fortinet’s Security Fabric is deployed in such environments to provide the required security infrastructure and posture, including a demonstration of some simplified use cases.

Data protection has always been important, but with the GDPR deadline looming and data sharing scandals shaking consumer confidence, securing personal data has never been more vital. The GDPR is leading businesses across the world to evaluate, and in many cases modify their data processing activities in line with upcoming law.

So what if you’ve left it too late? What are the key steps you can take to work towards GDPR compliance, even after deadline day?

Join us in this webinar with Alex Jordan, Senior Analyst at the Information Security Forum as he shares:

-The ISF’s phased approach to GDPR implementation
-Ways to determine the criticality of data and how to protect it appropriately
-The urgent actions that a business can take to get GDPR compliance started
-Common myths surrounding the GDPR, and guidance on cutting through the noise.

The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to the FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion!

This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.

There’s much hype and excitement around how AI and machine learning could transform the world of finance. But a key area of development growing behind the scenes of talking robots and automated assistants is how these new technologies will have a seismic impact on Anti-Money Laundering (AML) and Counter-terror Financing (CTF) back-end compliance processes. AI can dramatically improve AML risk data collection; spotting new risks faster and digging deeper for hidden risks.

It will also shift customer onboarding & KYC processes from ‘name matching’ to contextual ‘identity matching’ to reduce false positives and false negatives. Unlike other industries, the training data required to make this a reality with machine learning techniques are available today.

AI-driven compliance will ultimately have an enormous impact on how financial services will work - increasing automation, reducing manual overheads and helping prevent financial crime.

Presented by Charles Delingpole, CEO & Founder ComplyAdvantage

Charles Delingpole founded ComplyAdvantage in 2014, and as CEO leads the product development and growth of the company. Charles set up his first company, The Student Room Group, now the world’s largest student discussion forum, when he was 16. After completing his MA in Politics at Trinity College Cambridge, and then an MSc in Management, Strategy and Finance from the LSE, he became an associate at J.P. Morgan Cazenove. He then went on to co-found FinTech firm MarketInvoice, a peer-to-peer financing company which uses customer data to digitise the approach to financial risk analysis.

Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning.

This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.

In this session, Rodrigo Camacho, CCO at Nethone, will walk you through the evolution of fraud prevention, touching on the following key points:

-How the problem is solved by a large part of the industry today
-The revolution that is happening in the space today
-The halo effect that this revolution is going to have on the rest of business processes

Open Data is somewhat of a misnomer. For data sharing to take place, privacy must come first. As such, GDPR represents the essential rules of engagement without which the game of PSD2 cannot take place.

Rather than signalling an era of 'free love' between service providers and platforms, PSD2 and the API revolution mean that businesses and service providers must now be more secure than ever when it comes to user data.

In this session, Soldo's founder, Carlo Gualandri, explains how Soldo has responded to the regulatory environment by building a proprietary in-house GDPR-compliant machine to ensure privacy by design.

Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However, it is clear that it remains difficult for Boards to get the “right” management information to support their cyber risk discussions and decision making.

So how can Boards ensure that they are asking the right questions when it comes to an organisation’s cyber posture and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.

About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

What are the latest trends in the cyber-criminal underworld?
Which attacks are you likely to be preventing as we move further into 2018?
Who’s looking for vulnerability on your network?

These questions and more, answered by Peter Wood FBCS CITP MIEEE CISSP M.Inst.ISP
Chief Executive Officer, First Base Technologies LLP
Peter’s career spans 48 years, with experience in network security, social engineering, threat and risk analysis, red teaming, industrial control systems and electronics. He founded First Base Technologies, one of the UK’s first information security consultancies in 1989. Peter has provided security advice and guidance for businesses of all sizes for more than 28 years, leading a team of expert penetration testers and consultants unrivalled in the industry.
He is also a world-renowned security evangelist, speaking at major conferences and delivering seminars and webinars. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio, and written many articles on a variety of security topics.
He is a BCS Fellow, a Chartered IT Professional, CISSP and a member of IISP, ISACA, ISSA, IEEE, ACM and Mensa. He is a visiting lecturer at the University of Sussex, teaching cybersecurity and ethical hacking.

The expectation from the start of 2017 – that we hadn’t seen the back of ransomware – was justified. 2017 was plagued with global attacks such as Petya, WannaCry, Bad Rabbit and many others. Unfortunately, 2018 could be even worse.

With ransomware continuously developing new delivery techniques, organisations must learn how to prepare and protect themselves from the threat of ransomware, but how can they do this?

In this webinar, Nick Frost, Principal Consultant at the ISF, will explore the latest threats in ransomware and what organisations can do to minimise vulnerabilities to reduce risks of an attack.

About the presenter:

Nick is currently the Principal Researcher for the Information Security Forum (ISF) Ltd. He has more than 15 years’ experience designing and implementing a risk-based approach to securing information. He has developed leading solutions for evaluating risk across both internal and supplier environments.

The Information Security Careers Network is the largest group on LinkedIn dedicated to helping people further their careers in IT & Information Security.

Due to our partnerships, we are able to offer discounts on some of the most popular security certifications and training courses, including CEH, CISSP, CCISO, and more.

www.infosec-careers.com

This BrightTALK channel is an extension of the group and the ISCN website (www.infosec-careers.com), featuring webinars, presentations and resources from some of the leading names in Information and IT Security to help you develop your knowledge and get the job you're after.